| CNNVD-ID编号 | CNNVD-200602-126 | CVE编号 | CVE-2006-0642 |
| 发布时间 | 2006-02-10 | 更新时间 | 2006-02-14 |
| 漏洞类型 | 设计错误 | 漏洞来源 | Discovered by Mert SARICA |
| 危险等级 | 中危 | 威胁类型 | 远程 |
| 厂商 | trend_micro | ||
Trend Micro ServerProtect 5.58,并且还可能包括InterScan Messaging Security Suite和InterScan Web Security Suite,具有一项默认设置,即\"当已提取的文件数超过500时不扫描压缩文件\",这个限值在某些情况下可能会太小,从而使得远程攻击者可以借助发送包含众多小文件的压缩包来绕过反病毒检测。
目前厂商还没有提供补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本。
来源: BUGTRAQ
名称: 20060205 RE: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.
链接:http://www.securityfocus.com/archive/1/archive/1/424172/100/0/threaded
来源: BUGTRAQ
名称: 20060203 Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.
链接:http://www.securityfocus.com/archive/1/archive/1/423914/100/0/threaded
来源: BUGTRAQ
名称: 20060203 Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.
链接:http://www.securityfocus.com/archive/1/archive/1/423913/100/0/threaded
来源: BUGTRAQ
名称: 20060203 Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.
链接:http://www.securityfocus.com/archive/1/archive/1/423896/100/0/threaded
来源: MISC
链接:http://www.packetstormsecurity.org/filedesc/Bypass.pdf.html
来源: MISC
链接:http://www.packetstormsecurity.org/0602-advisories/Bypass.pdf
来源: XF
名称: serverprotect-file-scanning-bypass(24658)
来源: BID
名称: 16483
计算
安全
数据库
网络和加速
企业服务
